Configuring HTTPS for VIS and PTK
The HTTPS protocol defines message formatting, transmission, and actions between web browsers and web servers. HTTPS runs over the SSL/TLS protocol to provide a secure connection between two machines communicating over the internet or an internal network.
To configure HTTPS for the VXML Interaction Server (VIS) and the Platform ToolKit (PTK):
- Configure HTTPS between the voice browser and VIS
- Configure HTTPS between the web browser and Platform ToolKit
- Configure HTTPS between the Java web server and Platform ToolKit
Step 1: Configure HTTPS between the voice browser and VIS in Linux
Linux
Use the following instructions to configure HTTPS between the voice browser and VXML Interaction Server (VIS) in Linux environments:
- From root, enter the following command:
/usr/java/jre1.6.0_45/bin/keytool -genkey -alias tomcat -keyalg RSA -dname "cn=CompanyName, ou=OrganizationalUnit, o=OrganizationName, c=CountryName" -keystore "/etc/VirtualHold/.keystore"
Where:
- tomcat - Name (alias) of the certificate
- CompanyName - The name of the company
- OrganizationalUnit - The name of the organizational unit
- OrganizationName - The name of the organization
- CountryName - The name of the country
Enter the desired password for the keystore when prompted.
Enter the desired password for the created certificate when prompted.
Change the owner of the .keystore file to tomcat using the following command:
chown tomcat:tomcat /etc/VirtualHold/.keystore
Stop Tomcat if it is running.
Open the server.xml file found in the Tomcat installation directory. The default file location is /usr/local/tomcat7/conf/server.xml
Uncomment the Connector Port 8443 section.
Important: If using VIS in combination with Interactive Voice Gateway (IVG) 3.0.0 or later, update the port number to 9443. See Updating port number in IVG systems for instructions.
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />-->
Add the keystoreFile, keystorePass, and keyAlias attributes by entering the following line to the Connector tag in the Connector Port 8443 section:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/etc/VirtualHold/.keystore" keystorePass="Password from Step-2 above" keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />
Where:
- keystoreFile - the path to the created Keystore
- keystorePass - the keystore password created earlier
- keyAlias - the friendly name of the created certificate (tomcat)
Save the server.xml file.
Start Tomcat.
Open a web browser and type https://IP_Address:8443 to see the Tomcat default page. If the page is visible, stop Tomcat.
If using VIS in combination with IVG 3.0.0 or later, use https://IP_Address:9443.
Open the toolkit.properties file in a text editor. The default file location is /etc/VirtualHold/
In the #Name File Configuration section, change the webaudio path to //IP_Address:8443/
If using VIS in combination with IVG 3.0.0 or later, update webaudio path to https://IP_Address:9443.
Save and close the toolkit.properties file.
Restart Tomcat.
Windows
To configure HTTPS between the voice browser and VXML Interaction Server (in Apache Tomcat systems):
- From a command prompt, enter the following command:
"C:\Program Files (x86)\Java\jre6\bin\keytool" -genkey -alias tomcat -keyalg RSA -dname "cn=CompanyName, ou=OrganizationalUnit, o=OrganizationName, c=CountryName" -keystore "C:\Users\Developer\.keystore"
Where:
- tomcat - Name (alias) of the certificate
- CompanyName - The name of the company
- OrganizationalUnit - The name of the organizational unit
- OrganizationName - The name of the organization
- CountryName - The name of the country
- Enter the desired password for the keystore when prompted.
- Enter the desired password for the created certificate when prompted.
- Open the server.xml file found in the Tomcat installation directory. The default location is C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\conf\server.xml.
- Uncomment the Connector Port 8443 section:
Important: If using VIS in combination with Interactive Voice Gateway (IVG) 3.0.0 or later, update the port number to 9443. See Updating port number in IVG systems for instructions.
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />-->
Add the keystoreFile, keystorePass, and keyAlias attributes by entering the following line to the Connector tag in the Connector Port 8443 section:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="C:\Users\Developer\.keystore" keystorePass="Password from Step-2 above" keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />
Where:
- keystoreFile - the path to the created Keystore
- keystorePass - the keystore password created earlier
- keyAlias - the friendly name of the created certificate (tomcat)
Save the server.xml file.
Start Tomcat.
Open a web browser and type https://IP_Address:9443 to see the Tomcat default page. If the page is visible, stop Tomcat.
If using VIS in combination with IVG 3.0.0 or later, use https://IP_Address:9443.
Open the toolkit.properties file in a text editor. The default file location is /etc/VirtualHold/
In the #Name File Configuration section, change the webaudio path to //IP_Address:9443/
If using VIS in combination with IVG 3.0.0 or later, change the webaudio path to https://IP_Address:9443.
Save and close the toolkit.properties file.
Restart Tomcat.
Updating port number in IVG systems
If using VIS in combination with IVG 3.0.0 or later, the port number needs to be updated from 8443 to 9443. The IVG voice platform uses port 8443, which causes Tomcat to fail if the port number is not updated. Use the following steps to update lines of XML that contain the port number.
- Locate the following lines and update the port numbers to 9443:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Return to the previous step of Configuring HTTPS between the voice browser and VIS in Linux or Windows.
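The port update above is easy to apply to only some of the three lines. The following check is an added example, not part of the vendor documentation: it parses server.xml and reports a redirectPort that points at a port with no HTTPS connector, an HTTPS connector that lacks the keystore attributes, or one that sits on a port another service owns. The function name audit_connectors, the reserved_ports parameter, and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector was moved to 9443 for IVG, but the
# HTTP connector's redirectPort was left at 8443.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="9443" />
    <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/etc/VirtualHold/.keystore" keystorePass="example-only"
               keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""


def audit_connectors(xml_text, reserved_ports=()):
    """Return a list of findings for the <Connector> elements in server.xml."""
    root = ET.fromstring(xml_text)
    # ElementTree drops XML comments, so a connector that is still commented
    # out is correctly treated as absent.
    connectors = root.findall(".//Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ["no active SSLEnabled connector (is the section still commented out?)"]
    findings = []
    tls_ports = {c.get("port") for c in tls}
    for c in tls:
        port = c.get("port")
        for attr in ("keystoreFile", "keystorePass", "keyAlias"):
            if not c.get(attr):
                findings.append(f"connector {port}: missing {attr}")
        if port in reserved_ports:
            findings.append(f"connector {port}: port is reserved by another service")
    for c in connectors:
        redirect = c.get("redirectPort")
        if redirect and redirect not in tls_ports:
            findings.append(
                f"connector {c.get('port')}: redirectPort {redirect} has no HTTPS connector")
    return findings


if __name__ == "__main__":
    # reserved_ports models the IVG case, where the voice platform owns 8443.
    for finding in audit_connectors(SAMPLE_SERVER_XML, reserved_ports={"8443"}):
        print(finding)
```

To check a real installation, pass the contents of the server.xml file from the Tomcat conf directory instead of the sample string.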
Step 2: Configure HTTPS between the web browser and Platform Toolkit
To configure HTTPS between the web browser and Platform Toolkit (in Apache Tomcat systems):
- Open the Internet Information Services (IIS) Manager.
- In the Connections pane, select the Web server.
- Obtain a software certificate. If necessary, perform the following to create a self-signed certificate:
  - In Features view, double-click Server Certificates.
  - In the Actions pane, click Create Self-Signed Certificate.
  - On the Create Self-Signed Certificate page, enter a name for the certificate in the Specify Friendly Name window (refer to Step 1 of the previous section).
  - Click OK.
- In the Connections area, select the Web site used by the Platform Toolkit.
- In the Actions pane, click Bindings.
- In the Site Bindings dialog box, click Add.
- In the Add Site Binding dialog box, in the Type field, select https.
- In the Add Site Binding dialog box, in the SSL Certificate field, select the name of the created certificate.
- Click OK.
Step 3: Configure HTTPS between the Java Web server and Platform Toolkit
To configure HTTPS between the Java Web server and Platform Toolkit (in Apache Tomcat systems):
- Open the certmgr.msc file located in the C:\Windows\SysWOW64 or C:\Windows\System32 directory. This will launch Certificate Manager.
- Select Trusted Root Certification Authorities > Certificates.
- Locate the row containing the friendly certificate name in the Friendly Name column.
- Right-click the row and select All Tasks > Export.
- Accept all defaults in the Certificate Export Wizard except for the File to Export window.
- Enter a name for the certificate file in the File Name field and click Finish.
- From a command prompt, enter the following command:
"LocationofJavaWithApacheTomcat" -import -keystore "LocationofJavaWithApacheTomcat" -alias CertificateName -file "CertificateFileName"
Where:
- LocationofJavaWithApacheTomcat - the location of Java used by Apache Tomcat
- CertificateName - Friendly name of the certificate
- CertificateFileName - the name of the Certificate file from Step 6
- Enter the password for the keystore that will contain the imported certification file when prompted.
- Reenter the password for the keystore that will contain the imported certification file when prompted.
- Click Yes to trust the certificate when prompted.
- Open the toolkit.properties file in a text editor. The default file location is C:\VirtualHold.
- In the #URL for PTK webservices section, change the http reference to https.
- Verify the name of the server on which the certificate was created is used in the #URL for the PTK webservices section. For example, the name could be draco.qalab.local in https://draco.qalab.local/VHTPlatformWS-v4 or intrepid in https://intrepid/VHTPlatformWS-v4.
- Restart Tomcat.